[
https://issues.apache.org/jira/browse/LIVY-894?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17635095#comment-17635095
]
bharath kumar commented on LIVY-894:
------------------------------------
[~lmccay] Thanks for looking in to this,this might be a security issue if we
don't fix it.
* Livy is now being integrated with many components , if we can have this fix
available , i believe we would be in a better position in terms of security.
* Enterprise solutions might have LDAP authentication with livy, if
credentials are exchanged over wire without encryption, it's going to be a
security incident.
I am moving this 0.8.0, hope above justifications are good enough. Thanks again.
> Add secure authentication for livy when ldap is configured for authentication
> -----------------------------------------------------------------------------
>
> Key: LIVY-894
> URL: https://issues.apache.org/jira/browse/LIVY-894
> Project: Livy
> Issue Type: New Feature
> Components: API
> Affects Versions: 0.7.0
> Reporter: bharath kumar
> Priority: Critical
> Fix For: 0.9.0
>
>
> Hello,
> As i understand , livy authentication with ldap is not secured. Since
> authentication is BASIC and tls is disabled, livy would be susceptible to
> man-in-the-middle attacks. Can you please look in to this and provide a
> secure authentication mechanism for livy with ldap integration.
> Thanks
> Bharath
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
